CVE-2025-0649

Source
https://cve.org/CVERecord?id=CVE-2025-0649
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0649.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-0649
Downstream
Published
2025-05-06T20:20:02.345Z
Modified
2026-07-15T02:13:35.780703865Z
Severity
  • 8.9 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H CVSS Calculator
Summary
Stack Exhaustion In Tensorflow Serving
Details

Incorrect JSON input stringification in Google's Tensorflow serving versions up to 2.18.0 allows for potentially unbounded recursion leading to server crash.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/0xxx/CVE-2025-0649.json",
    "cwe_ids": [
        "CWE-121"
    ],
    "cna_assigner": "Google"
}
References

Affected packages

Git / github.com/tensorflow/serving

Affected ranges

Type
GIT
Repo
https://github.com/tensorflow/serving
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:google:tensorflow_serving:*:*:*:*:*:*:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.18.0"
        }
    ]
}

Affected versions

0.*
0.4.0
0.4.1
0.5.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-0649.json"